I set up server.crt, root.crt and servery.key in postgresql (using http://howtoforge.com/postgresql-ssl-certificates for instructions), set ssl = on and restarted the service successfully.
However, as I test the connection with psql to see if it's running in SSL I get the following
-bash-3.2$ psql -h localhost -U dbadmin
psql: could not open certificate file "/var/lib/pgsql/.postgresql/postgresql.crt": No such file or directory
I have the certificates stores in pgsql/data/, where they should be, so what's the disconnect between the top example and the following one?
Best Answer
This is looking for the client certificate files. The server certificate files belong in
pgsql/data/
, as you correctly pointed out. The client certificate files are looked for in$HOME/.postgresql/
. You are probably logged in as thepostgres
user, who happens to have a home directory of/var/lib/pgsql/
, so that's how you got that path.So either put the client certificate files where they are looked for, or log in as the correct user, or reconfigure the server so that it doesn't require client certificates.